About the CISSP Exam



  • Exam length: 3 hours maximum
  • Number of questions varies – Computerized Adaptive Testing
  • Mostly multiple choice with a single answer
    • Few to no multiple choice questions with multiple answers
    • Few or no exhibits/simulations
    • Starts with the easiest questions in a topic and progressively becomes harder
  • Mark and review: No
  • Go back and change answers: No
  • Real exam cost: About $699
  • This is the official profile from ISC2 that elaborates on the test and certification: CISSP Profile

Domains covered:

  • 1. Security and Risk Management – 15%
  • 2. Asset Security – 10%
  • 3. Security Architecture and Engineering – 13%
  • 4. Communication and Network Security – 14%
  • 5. Identity and Access Management (IAM) – 13%
  • 6. Security Assessment and Testing – 12%
  • 7. Security Operations – 13%
  • 8. Software Development Security – 10%


The Exam Content

Overview: The content of the exam is very wide and sometimes deep, sometimes very shallow.

For the most part, this will test to see if you know:

  • What a topic is
  • The order, sorting and priorities, given lists of items
  • Making the best choice from among several valid choices, given a circumstance
  • Technical functionality of defensive systems
  • Laws and legal concepts
  • Risk management in-depth
  • Organization roles
  • Cryptography
  • Broad knowledge in Identity and Access Management
  • Security assessment
  • BC and DRP
  • Incident response
  • Software development models, threats and countermeasures

That being said, there is a lot of material to cover. In the official training material, there are 700+ pages.

Question Quality

The quality of the questions is generally good, but sometimes frustratingly vague. One may see a misunderstanding of a concept in the question.

The testing has switched over to CAT – Computerized Adaptive Testing. You’ll be tested with the easiest items first; upon getting some number of them right, the test will select harder ones, until you have either answered enough correctly to pass a topic, or not enough to possibly pass.

The test will simply end … somewhere between 100 and 150 questions.